Online lending privacy rules tightened
The National Privacy Commission (NPC) barred online lenders from using their customers’ personal information as a tool for harassment, more than a year after the agency ran after companies who publicly shamed borrowers into paying back their overdue debts.
The NPC issued a circular on Monday outlining what lending operators can and cannot do with the personal information of their borrowers. It has been more than a year since NPC started pursuing these online lenders, who have thrived on a business model built on threats and harassment.
The circular was issued because the same complaints still persist, the NPC said in a statement.
However, the agency did not disclose the extent of the problem, except to say that the complaints it received declined 90 percent after it ordered the shutdown of 26 online lending companies in October 2019.
According to Circular No. 20-01, online lenders can only collect personal data they need for their “know your customer (KYC)” policies and in determining creditworthiness. However, they are prohibited from requiring unnecessary permissions that involve personal and sensitive information.
The circular prohibited online lenders from having access to contact details such as phone contact lists and email lists. They are also prohibited from “harvesting” social media contacts or saving these contacts for debt collection later, or to harass the borrower or the contacts of the borrower. The circular said the app could still ask for permission to access the phone camera and take a photo of the borrower, or to choose a picture from the photo gallery—but only for the purpose of KYC policies and preventing fraud at the start of the loan application,.
Once the photo has already been taken, the app should turn off the permission that allowed the lender access to the borrower’s phone camera. At the very least, the app should remind the borrower to turn off the permission such as through pop-up notices.
This is important since keeping access to the phone camera “is no longer necessary for the operation of the application,” the circular read.
“In no way shall the borrower’s photo be used to harass or embarrass the borrower in order to collect a delinquent loan,” the circular said.
When the circular comes into effect after two weeks of its publication, all lending and financing companies that still have their borrowers’ contact lists “in whatever form in violation of the guidelines” are mandated to remove the information, the NPC said. They said they should do so “in a secure manner that would prevent further unauthorized processing, access or disclosure to any other party or the public.”
“The National Privacy Commission is issuing this circular for the appropriate and respectable treatment of borrower’s personal information,’’ Privacy Commissioner Raymund Liboro said.
He said online lending applications should design their business processes with privacy by design and default and with complete adherence to the principles of the Data Privacy Act.
“Once again we remind online lending operators and businesses to take their customers’ data privacy seriously and deploy adequate security measures. For the public, we hope this circular will help them keep an eye out for red flags while they are in the process of borrowing money from online lenders,’’ Liboro added. INQ
